Data_protection_eng – relishandrevel.com

DATA PROTECTION

1) Information on the collection of personal data and contact details of the responsible person
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. In this context, personal data is all data with which you can be personally identified.
1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (DSGVO) is Relish and Revel GbR, Ringstraße 10, 91413 Neustadt an der Aisch, Germany, Tel.: 01787819800, e-mail: bernd.scheurer@relishandrevel.com. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). You can recognise an encrypted connection by the string “https://” and the lock symbol in your browser line.

2) Data collection when visiting our website
When you use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
– Our visited website
– Date and time at the time of access
– Amount of data sent in bytes
– Source/reference from which you reached the page
– Browser used
– Operating system used
– IP address used (if applicable: in anonymised form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

3) Cookies
In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data and IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.
In some cases, cookies are used to simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping basket for a later visit to the website). If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the performance of the contract or in accordance with Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.
We may work with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). If we cooperate with aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the paragraphs below.
Please note that you can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that if you do not accept cookies, the functionality of our website may be limited.

4) Contacting us
4.1 Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f DSGVO. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO. Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

4.2 WhatsApp business
We offer visitors to our website the possibility of contacting us via the messaging service WhatsApp of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. For this purpose, we use the so-called “business version” of WhatsApp.
If you contact us via WhatsApp on the occasion of a specific transaction (e.g. an order placed), we store and use the mobile phone number you use on WhatsApp and – if provided – your first and last name in accordance with Art. 6 Para. 1 lit. b. DSGVO to process and respond to your request. On the basis of the same legal basis, we may ask you to provide further data (order number, customer number, address or email address) via WhatsApp in order to be able to assign your request to a specific process.

If you use our WhatsApp contact for general enquiries (such as about the range of services, availability or our website), we will store and use the mobile phone number you used on WhatsApp and – if provided – your first and last name in accordance with Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in providing the requested information efficiently and promptly.
Your data will only ever be used to respond to your request via WhatsApp. It will not be passed on to third parties.
Please note that WhatsApp Business obtains access to the address book of the mobile device we use for this purpose and automatically transfers telephone numbers stored in the address book to a Facebook server in the USA. For the operation of our WhatsApp Business account, we use a mobile device in whose address book only the WhatsApp contact data of those users who have also contacted us via WhatsApp are stored.

This ensures that each person whose WhatsApp contact data is stored in our address book has already consented to the transmission of his or her WhatsApp telephone number from the address books of his or her chat contacts in accordance with Art. 6 (1) lit. a DSGVO when using the app on his or her device for the first time by accepting the WhatsApp terms of use. A transmission of data of such users who do not use WhatsApp and/or have not contacted us via WhatsApp is excluded in this respect.
Facebook Inc. with headquarters in the USA is certified for the us-European data protection agreement “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU.
For the purpose and scope of the data collection and the further processing and use of the data by WhatsApp, as well as your rights in this regard and setting options for protecting your privacy, please refer to the WhatsApp data protection information: https://www.whatsapp.com/legal/?eea=1#privacy-policy

5) Data processing when opening a customer account and for the execution of a contract
Pursuant to Art. 6 para. 1 lit. b DSGVO, personal data will continue to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. We store and use the data provided by you for the purpose of processing the contract. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved on our part.

6) Use of single sign-on procedures
6.1 Facebook Connect
On our website, you can log in to create a customer account or register using the social plugin “Facebook Connect” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”), within the framework of the so-called single sign-on technique, if you have a Facebook profile. You can recognise the social plugins from “Facebook Connect” on our website by the blue button with the Facebook logo and the inscription “Log in with Facebook” or “Connect with Facebook” or “Log in with Facebook” or “Sign in with Facebook”.
When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there. These data processing operations are carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of Facebook’s legitimate interest in displaying personalised advertising based on your surfing behaviour.
By using this “Facebook Connect” button on our website, you also have the option of logging in or registering on our website using your Facebook user data. Only if you give your express consent in accordance with Art. 6 (1) lit. a DSGVO prior to the registration process on the basis of a corresponding notice about the exchange of data with Facebook, will we receive the general and publicly accessible information stored in your profile from Facebook when you use the “Facebook Connect” button, depending on your personally made data protection settings at Facebook. This information includes the user ID, name, profile picture, age and gender.
We would like to point out that, following changes to Facebook’s data protection conditions and terms of use, consent may also result in the transfer of your profile pictures, your friends’ user IDs and the friends list if these have been marked as “public” in your privacy settings on Facebook. The data transmitted by Facebook will be stored and processed by us for the creation of a user account with the necessary data (title, first name, surname, address data, country, e-mail address, date of birth), if you have released them for this purpose at Facebook. Conversely, data (e.g. information on your surfing or purchasing behaviour) may be transferred from us to your Facebook profile on the basis of your consent.
The consent given can be revoked at any time by sending a message to the responsible person named at the beginning of this data protection declaration.
Facebook Inc. with headquarters in the USA is certified for the us-European data protection agreement “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU.
The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook’s privacy policy: https://www.facebook.com/policy.php.
If you do not want Facebook to assign the data collected via our website directly to your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the loading of Facebook plugins with add-ons for your browser, e.g. with “Adblock Plus” (https://adblockplus.org/de/).

6.2 Google+ Sign-In
On our website, you can log in to create a customer account or register using the social plugin “Google+ Sign-In” of the social network Google+ , which is operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google+”), within the scope of the so-called single sign-on technology, if you have a Google+ profile. You can recognise the “Google+ Sign-In” or “Register with Google” social plugins on our website by a red button with the Google+ logo and the words “Google Sign-In” or “Register with Google” or “Register with Google” or “Register with G”.
When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Google+ servers. The content of the plugin is transmitted by Google+ directly to your browser and integrated into the page. Through this integration, Google+ receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Google+ profile or are not currently logged into Google+. This information (including your IP address) is transmitted by your browser directly to a Google+ server and stored there; this may also involve transmission to the servers of Google LLC. in the USA. These data processing operations are carried out in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of Google’s legitimate interest in displaying personalised advertising based on surfing behaviour.
By using this Google+ button on our website, you also have the option of logging in or registering on our website using your Google+ user data. Only if you give your express consent in accordance with Art. 6 (1) lit. a DSGVO prior to the registration process on the basis of a corresponding notice about the exchange of data with Google, will we receive the general and publicly accessible information stored in your profile when you use the Google+ button from Google+, depending on your personal data protection settings on Google+. This information includes the user ID, name, profile picture, age and gender.
We would like to point out that, following changes to the Google+ privacy terms and conditions of use, consent may also result in the transfer of your profile pictures, the user IDs of your friends and the friends list if these have been marked as “public” in your privacy settings on Google+. The data transmitted by Google+ will be stored and processed by us to create a user account with the necessary data (title, first name, surname, address data, country, e-mail address, date of birth), if these have been released by you on Google+ for this purpose. Conversely, data (e.g. information on your surfing or purchasing behaviour) may be transferred from us to your Google+ profile on the basis of your consent.
The consent given can be revoked at any time by sending a message to the responsible person named at the beginning of this data protection declaration.
In the event that personal data is transferred to Google LLC., which is based in the USA, Google LLC. has certified itself for the us-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
For the purpose and scope of the data collection and the further processing and use of the data by Google+, as well as your rights in this regard and setting options for protecting your privacy, please refer to the Google+ privacy policy: https://www.google.de/intl/de/policies/privacy/
You can view the terms of use for the use of “Google+ Sign-In” or “Register with Google” here: https://www.google.de/intl/de/policies/terms/regional.html
If you do not want Google+ to assign the data collected via our website directly to your Google+ profile, you must log out of Google+ before visiting our website. You can also completely prevent the loading of Google+ plugins with add-ons for your browser, e.g. with “Adblock Plus” (https://adblockplus.org/de/).

7) Data processing for order handling
7.1 In order to process your order, we work together with the service provider(s) listed below, who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the framework of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 Para. 1 lit. b DSGVO.

7.2 Use of payment service providers (payment services)
– PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) as part of the payment processing. The transfer takes place in accordance with Art. 6 Para. 1 lit. b DSGVO and only insofar as this is necessary for the payment processing.
For the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including information on the credit agencies used, please refer to PayPal’s data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

8) Rights of the data subject
8.1 The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:
– Right to information pursuant to Art. 15 DSGVO: You have in particular a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and the intended effects of such processing concerning you, as well as your right to be informed about which guarantees exist in accordance with Art. 46 DSGVO in case of transfer of your data to third countries;
– Right to rectification pursuant to Art. 16 of the GDPR: You have the right to have any inaccurate data relating to you rectified without delay and/or to have any incomplete data stored by us completed;
– Right to deletion pursuant to Art. 17 DSGVO: You have the right to demand the deletion of your personal data if the requirements of Art. 17 (1) DSGVO are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
– Right to restriction of processing pursuant to Art. 18 of the GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being verified; if you refuse the erasure of your data due to unlawful data processing and instead request the restriction of the processing of your data; if you require your data for the assertion, exercise or defence of legal claims after we no longer need this data after the purpose has been achieved; or if you have lodged an objection for reasons relating to your particular situation as long as it has not yet been determined whether our legitimate grounds prevail;
– Right to information pursuant to Art. 19 DSGVO: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
– Right to data portability pursuant to Art. 20 DSGVO: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;
– Right to revoke consent given in accordance with Art. 7 (3) DSGVO: You have the right to revoke consent to the processing of data once given at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
– Right to lodge a complaint pursuant to Art. 77 GDPR: If you consider that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

8.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

9) Duration of the storage of personal data
The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of processing and – if relevant – additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a DSGVO, this data is stored until the data subject revokes his/her consent.
If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 Para. 1 lit. b DSGVO, this data will be routinely deleted after expiry of the retention periods, insofar as it is no longer required for the fulfilment of a contract or the initiation of a contract and/or there is no further justified interest on our part in continuing to store it.
When processing personal data on the basis of Art. 6(1)(f) DSGVO, such data shall be stored until the data subject exercises his/her right to object pursuant to Art. 21(1) DSGVO, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6(1)(f) DSGVO, such data shall be stored until the data subject exercises his or her right to object pursuant to Art. 21(2) DSGVO.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.